{"data":{"id":"21c52bd2-c7e9-43e9-bb66-ccd18bb58eda","title":"CVE-2022-35997: TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is n","summary":"TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.sparse.cross` function where passing a non-scalar `separator` input (a parameter that isn't a single value) causes a CHECK fail, which can crash the program in a denial of service attack (making a system unavailable by overwhelming it). The flaw affects multiple versions of TensorFlow.","solution":"The issue has been patched in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35997","publishedAt":"2022-09-17T03:15:10.467Z","cveId":"CVE-2022-35997","cweIds":["CWE-617"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00044,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}